gafgyt | 5b42eafa4822b85ebbdab04a5b68fb57021eaeec697d81a5a379639e0a4a9e88 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0eae612be68b3718a8924e69cee5ae43
Size

106KB
Sample

231219-2e3k6sbhh5
MD5

0eae612be68b3718a8924e69cee5ae43
SHA1

b9d06ab82920641da6bac0c27c64f867d88c962d
SHA256

5b42eafa4822b85ebbdab04a5b68fb57021eaeec697d81a5a379639e0a4a9e88
SHA512

ddb9bbfd742fb8cd359583440b29bae3b99474286c09dcef15d3805db51b5d27ca50ccc76ff93fe3265adab34f177f5d5bdf6bf93b1098c491394349cd94aa73
SSDEEP

3072:V9AS8f554Thkn770uRRaQivxv1cdXxxCQ6rGGuQTXW:purivxvcXxxCQ6r1uQTXW

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

46.29.164.93:626

Targets

- Target
  
  0eae612be68b3718a8924e69cee5ae43
- Size
  
  106KB
- MD5
  
  0eae612be68b3718a8924e69cee5ae43
- SHA1
  
  b9d06ab82920641da6bac0c27c64f867d88c962d
- SHA256
  
  5b42eafa4822b85ebbdab04a5b68fb57021eaeec697d81a5a379639e0a4a9e88
- SHA512
  
  ddb9bbfd742fb8cd359583440b29bae3b99474286c09dcef15d3805db51b5d27ca50ccc76ff93fe3265adab34f177f5d5bdf6bf93b1098c491394349cd94aa73
- SSDEEP
  
  3072:V9AS8f554Thkn770uRRaQivxv1cdXxxCQ6rGGuQTXW:purivxvcXxxCQ6r1uQTXW
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1